Bugtraq mailing list archives
Re: passwd -F
From: rwing!pat () ole cdac com (Pat Myrto)
Date: Tue, 10 May 94 21:51:00 PDT
"In the previous message, Steve Mitchell said..."
FYI, this vulnerability exists on 4.1.3_U1. I do not know how widespread knowledge of this vulnerability is, but I have seen Suns running a modified passwd program that has "-F option disabled" (according to the message output by passwd). So somebody out there has known about it for a while. The following trivial perl script allows non-privileged users to easily read any file on the system.
Gleep! I stand corrected. But does this give all the contents of the file that is thus opened (I have not actually tried to exploit this problem, I am not running the stock passwd command). But the fix would seem to be to replace the passwd command. I have a copy of passwd+ I severely hacked on (butchered?) so that it works with the passwd.adjunct file (replaced so users cannot be changing their fullname, another annoying feature of the stock passwd command - users changing their fullname to nonsense or names that do not identify them, etc). -- pat@rwing [If all fails, try: rwing!pat () ole cdac com] Pat Myrto - Seattle WA "No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.
Current thread:
- Re: new iss stuff, (continued)
- Re: new iss stuff root () maths su oz au (May 10)
- Re: new iss stuff der Mouse (May 10)
- Re: new iss stuff Timothy Newsham (May 10)
- Re: new iss stuff jallen () nersc gov (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Re: new iss stuff Andrew Watts (May 10)
- Re: new iss stuff Pat Myrto (May 10)
- Re: new iss stuff Steven C. Blair (May 10)
- iss: _my_ last two cents der Mouse (May 11)
- Re: new iss stuff Pat Myrto (May 10)
- passwd -F Steve Mitchell (May 10)
- Re: passwd -F Pat Myrto (May 10)
- Re: passwd -F Daniel Azuelos (May 11)
- Re: passwd -F Casper Dik (May 11)